Restricted login for guest management and monitoring in IAP

‎01-17-201402:06 AM

Problem:

========In previous versions, if the network administrator wanted to allow someone else to create/delete internal guest accounts, or to check the network status in the UI, he/she had to give the admin username and password, which also allowed full access to all settings and operations.

Guest-management user: can view, modify, and delete internal guest user accountsRead-only user: can view all network settings but not modify any of them or perform any maintenance operation such as upgrade or reboot

These additional user accounts:-

==========================Are stored in IAP’s flash and can include at most one Read-only user and one Guest-management userAre not affected by whether IAP is managed by Aruba Central or an AMP in “manage mode”Do not support authentication through external radius serversDo not have access to the CLI

•Read-Only User can open the:

•Home page

•Maintenance page

•Support page

•Guest-Management User sees a reduced UI which only allows management of Guest Users

in CLI:-

mgmt-user admin admin

mgmt-user readonly 123123 read-only

mgmt-user guestmgmt 321321 guest-mgmt

•“show mgmt-user” on Master can display the Admin/Read-Only/Guest-Mgmt users’ configuration.

•“show user portal” on Master can display the current Guest users configured by Guest-Mgmt management user.

show summary” on Master can display the statistics of Guest users.

Preethi DevarajanSr. Network EngineerCustomer Advocacy | Aruba Networks Inc.Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.